WebScout is a powerful Chrome extension that helps you identify security vulnerabilities in web applications. It scans web pages for common security issues such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, and SSL/TLS configuration issues.
- Quick Security Scanning: Analyze any webpage for vulnerabilities with a single click
- AI-Enhanced Detection: Leverages advanced machine learning to identify complex security issues
- Comprehensive Vulnerability Reports: Get detailed explanations and remediation steps
- Multiple Scan Depths: Choose between quick, standard, or thorough scanning based on your needs
- Exportable Reports: Save and share your security findings easily
- User-Friendly Interface: Clean, intuitive design for both technical and non-technical users
WebScout can detect a variety of security issues, including:
- Cross-Site Scripting (XSS): Identifies potential script injection points
- Cross-Site Request Forgery (CSRF): Detects forms without proper protection
- SQL Injection: Finds potential database query vulnerabilities
- File Inclusion/Upload Vulnerabilities: Identifies insecure file handling
- Command Injection: Detects potential OS command execution issues
- SSL/TLS Issues: Checks for proper HTTPS implementation and HSTS headers
- Visit the Chrome Web Store (link to be added)
- Search for "WebScout Security Scanner"
- Click "Add to Chrome"
- Download or clone this repository
- Open Chrome and go to `chrome://extensions/`
- Enable "Developer mode" in the top-right corner
- Click "Load unpacked" and select the downloaded folder
- The extension should now appear in your toolbar
- Navigate to any website you want to scan
- Click the WebScout icon in your browser toolbar
- Click the "Scan Current Page" button
- Review the results in the vulnerabilities section
- Export the report if needed
WebScout requires a local backend server to perform advanced analysis:
- Make sure you have Python and Flask installed
- Navigate to the backend directory: `cd backend`
- Install dependencies: `pip install -r requirements.txt`
- Run the server: `python app.py`
- The server will start on `http://127.0.0.1:5000`
- Scan Depth: Choose between quick, standard, or thorough scans
- AI-Enhanced Detection: Toggle advanced AI-based vulnerability detection
- Auto-Scan: Automatically scan pages when you visit them